package com.drops.poc;

import com.drops.entity.ControllersFactory;
import com.drops.ui.MainController;
import com.drops.utils.HTTPUtils;
import com.drops.utils.ReUtil;
import com.drops.utils.Utils;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

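/**
 * @ClassName: SnakeYAMLRCE
 * @Description: Heuristic check for the dependency combination this tool associates with the
 * Spring Cloud SnakeYAML RCE issue: spring-boot-starter-actuator, a spring-cloud-starter older
 * than 1.3.0 and snakeyaml, all detected from the text of a single HTTP response body.
 * A positive result is an indicator only; confirm it against the application's real
 * dependency manifest before acting on it.
 * @Author: Summer
 * @Date: 2021/7/28 16:05
 * @Version: v1.0.0
 **/
public class SnakeYAMLRCEPOC {

    /** Artifact name and version the detected spring-cloud-starter is compared against. */
    private static final String FIXED_VERSION = "spring-cloud-starter-1.3.0";

    /** Numeric components of {@link #FIXED_VERSION}. */
    private static final int[] FIXED_VERSION_PARTS = {1, 3, 0};

    /**
     * Matches a dotted numeric version at the start of the extracted value, with or without the
     * artifact prefix. Components are capped at nine digits so Integer.parseInt cannot overflow.
     */
    private static final Pattern LEADING_VERSION = Pattern.compile(
            "^(?:spring-cloud-starter-)?(\\d{1,9}(?:\\.\\d{1,9})*)(?!\\d)",
            Pattern.CASE_INSENSITIVE);

    public final MainController mainController;

    /** Looks up the shared {@link MainController} that receives this check's log output. */
    public SnakeYAMLRCEPOC() {
        this.mainController = (MainController) ControllersFactory.controllers.get(MainController.class.getSimpleName());
    }

    /**
     * Checks whether the response body fetched from {@code target} mentions
     * spring-boot-starter-actuator, a spring-cloud-starter version below 1.3.0 and snakeyaml.
     *
     * <p>The decision is based only on strings found in the response body, so a {@code true}
     * result means the condition may be present, not that it is confirmed.
     *
     * @param target URL passed unchanged to {@code HTTPUtils.getRequest}
     * @return {@code true} only when all three indicators are found; {@code false} otherwise,
     *     including when the response has no body
     */
    public boolean hasSnakeYAMLRCE(String target){
        // NOTE(review): the '.' before "jar" is unescaped, so it matches any character.
        String regex = "spring-cloud-starter-([A-Za-z0-9.-]+).jar";
        String context = HTTPUtils.getRequest(target).body();

        // A missing body cannot contain any indicator; previously this raised a NullPointerException.
        if (context == null || !context.contains("spring-boot-starter-actuator")) {
            return false;
        }
        appendLog("存在依赖：spring-boot-starter-actuator");

        // NOTE(review): the exact shape of the value returned by ReUtil.hasVersion is not visible
        // here; isBelowFixedVersion accepts it with or without the artifact prefix.
        String result = ReUtil.hasVersion(context, regex);
        if (result == null) {
            // No spring-cloud-starter jar name in the response; nothing is logged for this case.
            return false;
        }

        if (!isBelowFixedVersion(result)) {
            appendLog("依赖版本不符合，版本为：" + result);
            return false;
        }
        appendLog("依赖版本：" + result);

        if (!context.contains("snakeyaml")) {
            // snakeyaml is not mentioned in the response; nothing is logged for this case.
            return false;
        }
        appendLog("存在依赖 snakeyaml ！");
        appendLog("可能存在 spring cloud SnakeYAML RCE ！");
        return true;
    }

    /** Appends one formatted line to the main window's log area. */
    private void appendLog(String message) {
        this.mainController.logTextArea.appendText(Utils.log(message));
    }

    /**
     * Reports whether {@code artifact} carries a version lower than 1.3.0.
     *
     * <p>Components are compared numerically, so 1.10.0 is correctly treated as newer than 1.3.0,
     * which a plain string comparison gets wrong. Values that do not start with a numeric version
     * (for example a differently named sub-starter) keep the original case-insensitive string
     * comparison against {@link #FIXED_VERSION}.
     */
    private static boolean isBelowFixedVersion(String artifact) {
        Matcher matcher = LEADING_VERSION.matcher(artifact);
        if (!matcher.lookingAt()) {
            return artifact.compareToIgnoreCase(FIXED_VERSION) < 0;
        }
        String[] parts = matcher.group(1).split("\\.");
        int length = Math.max(parts.length, FIXED_VERSION_PARTS.length);
        for (int i = 0; i < length; i++) {
            // Missing trailing components count as zero, so "1.3" equals "1.3.0".
            int found = i < parts.length ? Integer.parseInt(parts[i]) : 0;
            int fixed = i < FIXED_VERSION_PARTS.length ? FIXED_VERSION_PARTS[i] : 0;
            if (found != fixed) {
                return found < fixed;
            }
        }
        return false;
    }

}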
